Example #1
0
    def useNonce(self, server_url, timestamp, salt):
        if abs(timestamp - time.time()) > SKEW:
            return False

        try:
            ononce = Nonce.objects.get(server_url__exact=server_url,
                                       timestamp__exact=timestamp,
                                       salt__exact=salt)
        except Nonce.DoesNotExist:
            ononce = Nonce(server_url=server_url,
                           timestamp=timestamp,
                           salt=salt)
            ononce.save()
            return True

        return False
Example #2
0
    def useNonce(self, server_url, timestamp, salt):
        if abs(timestamp - time.time()) > SKEW:
            return False

        try:
            ononce = Nonce.objects.get(
                server_url__exact=server_url,
                timestamp__exact=timestamp,
                salt__exact=salt)
        except Nonce.DoesNotExist:
            ononce = Nonce(
                server_url=server_url,
                timestamp=timestamp,
                salt=salt)
            ononce.save()
            return True

        return False
Example #3
0
def registration(request, attribute_set='default',
                 template_name='openid/registration_form.html',
                 form_class=OpenIDLoginForm):
    """ Try to submit all the registration attributes for mojeID registration"""

    registration_url = getattr(settings, 'MOJEID_REGISTRATION_URL',
                               MOJEID_REGISTRATION_URL)

    # Realm should be always something like 'https://example.org/openid/'
    realm = getattr(settings, 'MOJEID_REALM',
                    request.build_absolute_uri(reverse(top)))

    user = OpenIDBackend.get_user_from_request(request)
    user_id = user.pk if user else None

    # Create Nonce
    nonce = Nonce(server_url=realm, user_id=user_id)
    nonce.save()

    fields = []
    attributes = [x for x in get_attributes(attribute_set) if x.type == 'attribute']
    # Append attributes to creation request if user is valid
    if user:
        for attribute in attributes:
            form_attr = attribute.registration_form_attrs_html(user_id)
            if form_attr:
                fields.append(form_attr)

    # Render the redirection template
    return render_to_response(
        template_name,
        {
            'fields': fields,
            'action': registration_url,
            'realm': realm,
            'nonce': nonce.registration_nonce,
        },
        context_instance=RequestContext(request)
    )
Example #4
0
def registration(request, attribute_set='default',
                 template_name='openid/registration_form.html'):
    """ Try to submit all the registration attributes for mojeID registration"""

    # Realm should be always something like 'https://example.org/openid/'
    realm = getattr(settings, 'MOJEID_REALM',
                    request.build_absolute_uri(reverse(top)))

    user = OpenIDBackend.get_user_from_request(request)
    user_id = user.pk if user else None

    # Create Nonce
    nonce = Nonce(server_url=realm, user_id=user_id,
                  timestamp=time.time(), salt=randomString(35, NONCE_CHARS))
    nonce.save()

    fields = []
    attributes = [x for x in get_attributes(attribute_set) if x.type == 'attribute']
    # Append attributes to creation request if user is valid
    if user:
        for attribute in attributes:
            form_attr = attribute.registration_form_attrs_html(user_id)
            if form_attr:
                fields.append(form_attr)

    # Render the redirection template
    return render_to_response(
        template_name,
        {
            'fields': fields,
            'action': get_registration_url(),
            'realm': realm,
            'nonce': nonce.registration_nonce,
        },
        context_instance=RequestContext(request)
    )
Example #5
0
def assertion(request):
    """
    mojeID server connects here to propagate a response to the registration
    """
    def _reject(request, error):
        """ Reject response """
        return HttpResponse(dictToKV({'mode': 'reject', 'reason': error}))

    def _accept(request):
        """ Accept response """
        return HttpResponse(dictToKV({'mode': 'accept'}))

    # Accept only post
    if not request.method == 'POST':
        return _reject(request, Assertion.ErrorString.BAD_REQUEST)

    # Accept only valid status
    status = request.POST.get('status', None)
    if not status:
        return _reject(request, Assertion.ErrorString.MISSING_STATUS)
    if not status in Assertion.StatusCodes:
        return _reject(request, Assertion.ErrorString.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https with a proper certificate

    # Test calimed ID
    claimed_id = request.POST.get('claimed_id')
    if not claimed_id:
        return _reject(request, Assertion.ErrorString.MISSING_CLAIMED_ID)

    # The user was registered for mojeID
    if status == Assertion.StatusCodes.REGISTERED:
        registration_nonce = request.POST.get('registration_nonce')
        if registration_nonce is None:
            return _reject(request, Assertion.ErrorString.MISSING_NONCE)

        # check nonce
        try:
            nonce = Nonce.get_registration_nonce(registration_nonce)
        except Nonce.DoesNotExist:
            return _reject(request, Assertion.ErrorString.INVALID_NONCE)

        user_id = nonce.user_id
        nonce.delete()

        # Fetch the user
        user_model = get_user_model()
        try:
            user = user_model.objects.get(pk=user_id)
            # Create association
            OpenIDBackend.associate_openid(user, claimed_id)
        except (user_model.DoesNotExist, IdentityAlreadyClaimed):
            # Don't associte the user when the user doesn't exist or is already claimed
            # And assume that server sent us a valid claimed_id
            #
            # Note that user might been deleted before this assertion is triggered
            # Or the newly created mojeID account might been already associated
            # with a local account by the client
            #
            # Both of these cases are not considered as errors
            pass

    return _accept(request)
Example #6
0
def assertion(request):
    """
    mojeID server connects here to propagate a response to the registration
    """
    def _reject(request, error):
        """ Reject response """
        return HttpResponse(dictToKV({'mode': 'reject', 'reason': error}))

    def _accept(request):
        """ Accept response """
        return HttpResponse(dictToKV({'mode': 'accept'}))

    # Accept only post
    if not request.method == 'POST':
        return _reject(request, Assertion.ErrorString.BAD_REQUEST)

    # Accept only valid status
    status = request.POST.get('status', None)
    if not status:
        return _reject(request, Assertion.ErrorString.MISSING_STATUS)
    if status not in Assertion.StatusCodes:
        return _reject(request, Assertion.ErrorString.INVALID_STATUS)

    # TODO check whether this request is from mojeID server and uses https with a proper certificate

    # Test calimed ID
    claimed_id = request.POST.get('claimed_id')
    if not claimed_id:
        return _reject(request, Assertion.ErrorString.MISSING_CLAIMED_ID)

    # The user was registered for mojeID
    if status == Assertion.StatusCodes.REGISTERED:
        registration_nonce = request.POST.get('registration_nonce')
        if registration_nonce is None:
            return _reject(request, Assertion.ErrorString.MISSING_NONCE)

        # check nonce
        try:
            nonce = Nonce.get_registration_nonce(registration_nonce)
        except Nonce.DoesNotExist:
            return _reject(request, Assertion.ErrorString.INVALID_NONCE)

        user_id = nonce.user_id
        nonce.delete()

        # Try to associate the user with mojeID
        if user_id:
            # Fetch the user
            user_model = get_user_model()
            try:
                user = user_model.objects.get(pk=user_id)
                # Create association
                OpenIDBackend.associate_openid(user, claimed_id)
            except (user_model.DoesNotExist, IdentityAlreadyClaimed):
                # Don't associte the user when the user doesn't exist or is already claimed
                # And assume that server sent us a valid claimed_id
                #
                # Note that user might been deleted before this assertion is triggered
                # Or the newly created mojeID account might been already associated
                # with a local account by the client
                #
                # Both of these cases are not considered as errors
                pass

    return _accept(request)